The Cabinet Office closed the GCSx email service on 31st March 2019.
As such, please be aware that GCSx email accounts will cease to receive and send email as of 31st March 2019.
Xentrall ICT Services has configured our standard email in a secure way, according to NCSC guidance. This means that;
addresses are now sufficiently secure to use them when you want to receive sensitive; special category, or otherwise confidential information from our staff.
You should confirm with your local ICT Department that your email is also secure for sending to us in this manner.
You should cease using this GCSx email account and start using a regular Council email account before the shut off date so that any unforeseen problems can be addressed prior to withdrawal of the service.
If you have concerns regarding this, please contact your local ICT Department or Information Governance teams for guidance on what to do next.
.gov.uk email domains that are managed by Xentrall ICT Services;
are configured with enforced TLS in transit to the following email domains;
*.cjsm.net (via CJSM SMTP secure transfer)
Please note that because we guarantee secure delivery, this does not make the receiving system necessarily approved for receiving certain types of data, for example;
- NHS only deal in sensitive data when emails are sent to addresses ending in *.secure.nhs.uk & *.nhs.net
As such we are not advising staff to change working practices if they already use secure addresses at the receiving end, this purely describes the email travelling from DBC/SBC/TVCA to the recipient as secure in transit.
If you are unsure about this please check with your local ICT department or Information Governance department.
If any subdomains are unable to receive TLS encryption, we will send email to them always using Microsoft Office Message Encryption (OME) (search 'Microsoft OME' for more detail)
Our .gov.uk email domains are configured to only send email from systems that are managed, to ensure these rules are maintained consistently.
As such we publish accurate SPF & DKIM records, with a DMARC policy of 'reject' for these (and most of our other) domains.